Re: strange connection attempts
From: Crist J. Clark (crist.clark@attbi.com)
Date: 04/14/03
- Previous message: GiZmen: "Re: strange connection attempts"
- In reply to: GiZmen: "Re: strange connection attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Apr 2003 13:03:25 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: GiZmen <gizmen@pals.one.pl>
On Mon, Apr 14, 2003 at 09:44:31PM +0200, GiZmen wrote:
[snip]
> my address is "xxx" and 192.43..... is an expamle address of dns server.
>
> I know that dns use an udp protocol but is it normal to have these connection
> attempts??
Someone else already explained this. It comes down to: the timeout of
your DNS application is shorter than the timeout on the firewall. Your
DNS application sends out a query and waits... and gives up. When it
give up, it closes the socket. However, the DNS server Out There
manages to still return a response some time later. Your firewall has
not timed out the UDP "connection" yet, so the response come
through. But there is no listening socket anymore, so it gets
logged_in_vain.
-- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: GiZmen: "Re: strange connection attempts"
- In reply to: GiZmen: "Re: strange connection attempts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
